Tax risk can arise within several aspects of a company’s business: operations, transactions, financial statement disclosure, and compliance.  An increased focus on tax risk management has come about as increased regulation, such as the Sarbanes-Oxley Act, has uncovered many weaknesses in internal controls over income tax financial reporting.  FIN 48 has also required that companies provide greater transparency.  The requirements of FIN 48 have increased companies focus on tax risk management greatly.  When developing a tax risk management plan, senior management and the tax department need to work together and agree on an approach to tax risk management and oversight.

KPMG conducted a survey among 546 board members, senior management, CFOs, tax executives, and finance and accounting professionals concerning tax risk management.  The respondents came from a spectrum of large and small companies. Some of the findings for the study are discussed below.

  • 73% of the respondents stated that the definition of tax risk is primarily the risk of noncompliance with tax laws.

Respondents were allowed multiple responses for this question, thus several of the results were close.  Other definitions include: financial reporting risks, unintended tax consequences of company transactions, and unsupportable tax positions/audit risk.

  • 53% of the respondents claimed that financial reporting risks are the most significant aspects of tax risk currently facing their organization.

When examined by respondent category (tax executives, accounting executive/controller, c-level other, CFO, and audit committee/board member), non-tax respondents claimed that “risk of noncompliance with tax laws” and “unintended tax consequences of company transactions” are the most important aspects of tax risk currently facing their companies.

  • 60% of the respondents claimed that tax risk assessment and management has become more of a priority for their organization’s leadership.

Yet, only 20% of the respondents claimed that their organizations have a formal tax risk management strategy.  So, despite companies’ increased emphasis on tax risk management, organizations are struggling to create formal strategies.

  • 60% stated that their organization does not have a formal, documented, tax risk management strategy.

Another 20% claimed that they are not certain if their company has a formal tax risk management strategy.  So, in some organization, there may be formal strategies, but the strategies are not effectively communicated and organized.  Of those who claimed that they do not have a formal tax risk management strategy, most stated that the reason is due to the organization not believing that tax risk management is a priority.  Other reasons include, “the organization has its tax risk profile in order,” and “the organization does not have any material weaknesses.”

The number one motivating reason to develop a tax risk management strategy was due to “enhanced regulatory pressure for transparency in tax reporting.”  This was also indicated to be the greatest tax risk challenge companies will face over the next two years.  With respect to those who are and should be in charge of an organization’s tax risk management:

  • 52% of the respondents claimed that their CFOs are responsible for communicating tax risks to the organization’s senior management and the board.
  • Yet, 51% stated that the tax department should be the group responsible for communicating tax risk to the organization’s senior management and the board.

Though many organizations do not have a formal tax risk management strategy, these organizations are increasingly likely to take steps toward creating a formal strategy due to increasing regulatory pressures.  To create an effective tax risk management strategy, organizations need to collaborate on how to identify, monitor, communicate, and mitigate their company’s tax risks.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2007-12-31